Facility Information Governance Manager

HCA Healthcare

United Kingdom

On-site

GBP 40,000 - 80,000

8 days ago

Job summary

An established industry player is seeking a Facility Information Governance Manager to lead and implement Information Protection & Security activities across multiple sites. This role is pivotal in driving risk management consistency and visibility, ensuring compliance with IPS policies, and collaborating with various departments to safeguard patient data. The ideal candidate will have a strong background in information governance, risk assessments, and data protection, alongside excellent communication skills. Join a forward-thinking organization that values employee well-being and offers numerous opportunities for professional development and career progression.

Benefits

25 days holiday plus bank holidays

Private Healthcare Insurance

Private pension contribution

Season Ticket Loan

Cycle to Work scheme

Group Life Assurance

Critical illness cover

Enhanced Maternity and Paternity pay

Corporate staff discount

Flexible health and lifestyle benefits

Qualifications

  • Experience in a lead Information Governance or Security GRC role.
  • Strong oral and written communication skills.

Responsibilities

  • Conduct risk assessments and implement corrective action plans.
  • Provide education and guidance to ensure informed decisions.

Skills

Information Governance

Risk Management

Communication Skills

Data Protection

Privacy Audits

Incident Response

Education

Degree in Information Security or related field

Tools

ISO 27001

NHS Data Security and Protection Toolkit

PCI-DSS

Job description

Facility Information Governance Manager

Multiple sites (1 London Bridge)

Full Time, 37.5 hours per week, Monday-Friday

Permanent

The Facility Information Governance Manager is a shared role across a market, responsible for leading, driving, and, in some cases, implementing Information Protection & Security (IPS) activities in company entities under the supervision of the Division Business Protection Officer (BPO). He or she serves as a liaison between local site leadership, ITG senior management and IPS leadership.

Under general supervision from the BPO, they are responsible for performing a wide range of tasks that support the ongoing maturation of the IPS program, including: driving consistency and visibility of IPS risk management activities; working with business owners to protect patients and prevent data loss; and walkthroughs with local leadership to reduce or eliminate risky behaviours. They are responsible for helping workforce members appropriately comply with the company's IPS policies, procedures and compliance requirements.

What you'll do:
  1. Conduct risk assessments using corporate-provided tools and templates.
  2. Implement corrective action plans to address deficiencies.
  3. Ensure the designated committees (such as facility-level Governance and Business Continuity Committees, Information Governance Board, Risk Management Committee and others) document, track, investigate, and sponsor remediation of security control deficiencies, suspected IPS incidents, and complaints.
  4. Provide education and guidance to ensure these committees make informed, risk-based decisions necessary to balance business needs and security objectives.
  5. Deliver and enhance HCA's Be the Hero cyber security awareness training.
  6. Represent IPS needs in strategic planning, budgeting, and work prioritisation processes.
  7. Drive ongoing compliance with IPS policies, standards and operational procedures.
  8. Support the delivery and expansion of current information security frameworks (such as ISO 27001:2022, NHS Data Security and Protection Toolkit (DSPT) and PCI-DSS).
  9. Work with local leaders to submit and approve exceptions to IPS standards (policies and procedures).
  10. Lead audit response activities to address IPS issues identified by Internal Audit or external auditors (e.g. ISO 27001, DSPT, PCI-DSS, GDPR and other security related audits).
  11. Work closely with the Data Protection Team, Information Technology Group (ITG), Physical Security and the Emergency Planning Department to ensure that IPS requirements are met both in projects and day-to-day activities.
  12. Manage incident response and investigation activities.
  13. Collaborate with business owners, IT, supply chain, and IPS stakeholders to secure vendor contracts and ensure that security assessments and proper controls are in place. This includes documenting vulnerabilities with mitigation actions, while ensuring vendor systems use approved connectivity, remote management, and monitoring.

What you'll bring:
  1. Experience in a lead Information Governance or Security GRC role.
  2. Strong oral and written communication skills.
  3. Experience of carrying out privacy and risk surveys/audits (using ISO 27001, DSPT or equivalent).
  4. Delivering awareness and training; communication and presentation abilities.
  5. Data Protection experience; completion and assessment of DPIAs and supplier/client contracts.
  6. Ability to work under tight deadlines and prioritise responsibilities.

Why HCA UK?

Originally founded over 50 years ago by Dr Thomas Frist, HCA has gone on to become one of the world's leading healthcare providers. In the UK, we're one of the largest providers of privately funded healthcare and have invested over £500 million in the latest treatments, technology, techniques, medication and facilities. Being part of a large, multisite, established healthcare group, we can offer you unrivalled opportunities for career progression through internal and external courses, as well as working conditions that prioritise both your mental and physical wellbeing.

By caring for our employees, we empower them to provide exceptional care for our patients. That's why we offer a host of flexible benefits that reflect the invaluable contribution they make every day. You'll be eligible for:
  1. 25 days holiday each year (plus bank holidays) increasing with service, with option to buy or sell leave to suit you.
  2. Private Healthcare Insurance for treatment at our leading hospitals.
  3. Private pension contribution which increases with length of service.
  4. Season Ticket Loan and Cycle to Work scheme.
  5. Group Life Assurance from day one.
  6. Critical illness cover.
  7. Enhanced Maternity and Paternity pay.
  8. Corporate staff discount for all facilities including Maternity packages at The Portland.
  9. Comprehensive range of flexible health, protection and lifestyle benefits to suit you.
  10. Discounts with over 800 major retailers.

Culture and values

At HCA UK we believe exceptional care starts with our people. We celebrate the unique perspectives and different experiences each of us brings, as we know that when you feel seen, heard and supported you can be at your best for our patients, and each other.

Our mission is simple: above all else, we're committed to the care and improvement of human life, a clear statement that extends to both our patients and colleagues. To achieve this, we live and breathe four core values:
  1. Unique and Individual: We recognise and value everyone as unique and individual.
  2. Kindness and compassion: We treat people with kindness and compassion.
  3. Honesty, integrity and fairness: We act with absolute honesty, integrity and fairness.
  4. Loyalty, respect and dignity: We trust and treat one another as valued members of the HCA UK family with loyalty, respect and dignity.

Reasonable adjustments

We believe everyone should feel comfortable to bring their full self to work and be afforded the same opportunities. As a Disability Confident committed organisation, we're happy to discuss flexible working arrangements to suit your needs as well as offer reasonable adjustments throughout our recruitment process, and in the workplace, to anyone that needs them.
